Security: flarum/framework
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
- Logout Route allows open redirects (GHSA-733r-8xcp-w9mr), published Jan 5, 2024 by GreXXL. Severity: Low
- LFI and Blind SSRF via Avatar upload (GHSA-67c6-q4j4-hccg), published Aug 16, 2023 by SychO9. Severity: High
- Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files (GHSA-vhm8-wwrf-3gcw), published Mar 10, 2023 by SychO9. Severity: Moderate
- Any user including unactivated can reply in public discussions whose first post was permanently deleted (GHSA-hph3-hv3c-7725), published Jan 10, 2023 by SychO9. Severity: Low
- Notifications can leak restricted content (GHSA-8gcg-vwmw-rxj4), published Jan 10, 2023 by SychO9. Severity: Moderate
- Post mentions can be used to read any post on the forum without access control (GHSA-22m9-m3ww-53h3), published Jan 10, 2023 by SychO9. Severity: High
- XSS vulnerability with discussion titles (GHSA-7x4w-j98p-854x), published Nov 18, 2022 by SychO9. Severity: Critical
- XSS vulnerability with translator (GHSA-5qjq-69w6-fg57), published Jun 6, 2021 by luceos. Severity: Critical
- CSRF attack prevention was skipped (GHSA-3wjh-93gr-chh6), published Jul 5, 2019 by franzliedke. Severity: High